#!/bin/bash

# Path of the file that stores the GPG passphrase
# (expands to e.g. /home/your_username/.gitenc).
# The passphrase sits in this file in clear text, so the file should be
# readable by its owner only.
GITENC_CONF="${HOME}/.gitenc"

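# Stage one path with git, substituting a GPG-encrypted copy when the path
# name looks like it holds secrets.
# Arguments: $1 - path to stage, relative to the current directory
# Outputs:   diagnostics on stderr when the path cannot be handled safely
# Returns:   0 on success; 1 when a sensitive path could not be encrypted
#            (in that case nothing is staged for it)
function toencrypt() {
  local path=$1
  local sensitive="false"
  local fresh

  # Name-based detection. The two =~ arms are regular expressions, not globs:
  # the trailing '*' repeats the last letter, so they match any path that
  # contains "sq" or "confi". That is broader than "sql"/"config" suggests and
  # is kept as is, because narrowing it would stop encrypting files that are
  # protected today. The match runs on the whole path, directory names included.
  if [[ $path != *.gpg ]] &&
     { [[ $path == *connection* ]] ||
       [[ $path == *.conf ]] ||
       [[ $path == *.cnf ]] ||
       [[ $path =~ .*sql* ]] ||
       [[ $path =~ .*config* ]]; }; then
    sensitive="true"
  fi

  # normal file, git away. A path that no longer exists has nothing to
  # encrypt; git add only records its removal.
  if [[ $sensitive != "true" ]] || [[ ! -e $path ]]; then
    git add -- "$path"
    return
  fi

  # gpg -c works on single files. Refuse a sensitive-looking directory rather
  # than staging everything below it in clear text.
  if [[ -d $path ]]; then
    echo "gitenc: '$path' is a directory with a sensitive-looking name; add the files inside it one at a time" >&2
    return 1
  fi

  # Re-encrypt when the file changed within the past 24hrs, when no encrypted
  # copy exists yet, or when the plaintext is newer than the encrypted copy.
  # An older, unchanged file reuses its existing .gpg; the plaintext itself is
  # never handed to git add.
  fresh="$(find "$path" -mmin -1440 -exec echo "true" \;)"
  if [[ $fresh == 'true' ]] || [[ ! -f $path.gpg ]] || [[ $path -nt $path.gpg ]]; then
    if ! lockdown "$path"; then
      echo "gitenc: could not encrypt '$path'; nothing was staged for it" >&2
      return 1
    fi
  fi

  # add the encrypted file to git
  git add -- "$path".gpg

  # unstage the original.
  # NOTE(review): git reset only unstages. A plaintext file that was already
  # committed stays tracked and stays in history, and .gitignore has no effect
  # on tracked files.
  git reset -- "$path"

  # append the original to .gitignore, once
  if ! grep -qxF -- "$path" .gitignore 2>/dev/null; then
    printf '%s\n' "$path" >> .gitignore
  fi

  git add .gitignore
}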

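# Symmetrically encrypt one file with gpg, writing "<file>.gpg" next to it.
# Globals:   GITENC_CONF (read) - file holding the passphrase
# Arguments: $1 - path of the plaintext file
# Outputs:   a diagnostic on stderr when the passphrase file is unusable
# Returns:   1 when the passphrase file is missing, unreadable or empty, or
#            when the old encrypted copy cannot be removed; otherwise the
#            exit status of gpg
function lockdown() {
  local plain=$1
  local cipher="$1.gpg"

  # Check the passphrase file before touching anything: without it gpg cannot
  # run, and an empty file would mean encrypting with an empty passphrase.
  if [[ ! -r $GITENC_CONF ]] || [[ ! -s $GITENC_CONF ]]; then
    echo "gitenc: passphrase file '$GITENC_CONF' is missing, unreadable or empty; run 'gitenc setup' first" >&2
    return 1
  fi

  # if a previously encrypted file exists, remove it
  if [ -f "$cipher" ]; then
    rm -- "$cipher" || return 1
  fi

  # to alter the cipher used, append your selection below
  # NOTE(review): the GnuPG manual states that from 2.1 on --passphrase-file
  # also needs --pinentry-mode loopback; it is not added here because older
  # gpg releases do not accept that option. Confirm against the gpg in use.
  gpg --batch -c --passphrase-file "$GITENC_CONF" "$plain"
}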


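# Entry point: dispatch on the first argument (add | setup | help).

# a gitenc add argument is passed, validate to see if encryption is needed
if [ "$1" == "add" ]; then

  if [ "$2" == "." ] || [ "$2" == "-A" ] || [ "$2" == "--all" ]; then

    # Read the complete status listing first, so that git status has finished
    # before toencrypt starts running git add on the same index.
    #  -z                     NUL-separated, unquoted paths: names containing
    #                         spaces or special characters arrive intact
    #  --untracked-files=all  list every file inside a new directory, so each
    #                         one goes through the sensitive-name check instead
    #                         of the directory being staged as a whole
    # NOTE: porcelain output is relative to the repository root, so this
    # branch assumes gitenc is run from there.
    entries=()
    while IFS= read -r -d '' entry; do
      entries+=("$entry")
    done < <(git status --porcelain -z --untracked-files=all)

    skip_next="false"
    for entry in "${entries[@]}"; do

      # with -z, a rename/copy entry is followed by its original path as a
      # separate record; that record is not a file to add
      if [ "$skip_next" == "true" ]; then
        skip_next="false"
        continue
      fi

      case "${entry:0:2}" in
        *R*|*C*) skip_next="true" ;;
      esac

      # each record is "XY <path>"; drop the two status letters and the space
      toencrypt "${entry:3}"

    done

  else

    # singular file add
    toencrypt "$2"

  fi

### setup ###
elif [ "$1" == 'setup' ]; then

  # Write the passphrase given as $1 to GITENC_CONF and exit the script.
  function createconfig() {

    # The file holds the passphrase in clear text: create it under a
    # restrictive umask and force owner-only permissions in case it existed.
    # printf is used because echo would mangle a passphrase such as "-n".
    if ! ( umask 077 && printf '%s\n' "$1" > "$GITENC_CONF" ) ||
       ! chmod 600 "$GITENC_CONF"; then
      echo "gitenc: could not write $GITENC_CONF" >&2
      echo "Unknown error occured, please submit a bug report: https://notabug.org/angela/gitenc"
      exit 1
    fi

    echo -e "GPG password saved to $HOME/.gitenc!\nYou can now auto-encrypt your config by running:\n\tgitenc add filename\n\tor\n\tgitenc add ."
    exit 0

  }

  # Refuse to replace an existing passphrase file: files already encrypted
  # with the old passphrase could no longer be decrypted with the new one.
  if [ -e "$GITENC_CONF" ]; then
    echo "gitenc: $GITENC_CONF already exists; move it aside before running setup again" >&2
    exit 1
  fi

  echo "Enter your preferred password to use for the GPG encryption:"
  read -rs PW_PREF

  # keep asking until something non-blank is entered; stop at end of input
  while [ -z "$PW_PREF" ]; do
    echo "GPG password should not be blank.  Try again:"
    read -rs PW_PREF || break
  done

  if [ -z "$PW_PREF" ]; then
    echo "gitenc: no password entered; nothing was saved" >&2
    exit 1
  fi

  # if a .gitignore doesn't exist, it'll need to be added
  if [ ! -f .gitignore ]; then
    touch .gitignore
  fi

  createconfig "$PW_PREF"

elif [ "$1" == "-h" ] || [ "$1" == "--help" ] || [ "$1" == "help" ]; then

  echo -e "\n\t\tGITENC USAGE\n\n"
  echo -e "gitenc add filename\nParses the individual added filename for common sensitive filenames (ie. widget.conf or connection.py)\n"
  echo -e "gitenc add . or -A or --all\nParses group filenames for common sensitive filenames (ie. widget.conf or connection.py)\n"
  echo -e "gitenc add filename1 filename2 filename3\nNot implemented; don't use.  \
  One might assume since you're adding individual filenames by hand, you wouldn't intentionally commit a sensitive file in the first place.\n \
  Use git add filename1 filename2 filename3"

else

  # gitenc is not a replacement for git
  echo -e "Command not recognized; you only need to run gitenc in place of 'git add'.. it serves no other purpose.\nRun 'git yourcommand', instead."

  # nothing was added: report failure so a chained "gitenc ... && git commit" stops
  exit 1

fi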
